<template>
    <MyArticle title="GeoServer设置图层的访问控制权限" date="2025年08月14日">
        <div class="_article-content">
            <p>GeoServer的AuthKey模块提供了一种简单的身份验证机制，适用于无法处理复杂安全协议的OGC客户端。通过在URL中附加唯一密钥，AuthKey模块允许最小形式的身份验证。</p>
            <p>经过身份验证的请求示例如下：</p>
            <pre><code>http://192.168.110.88:8080/geoserver/gwc/service/tms/1.0.0/yrsz%3Ajxsxj@EPSG%3A900913@png/9/417/295.png?authkey=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNzU1NDg2NjQyLCJleHAiOjE3NTU1Mjk4NDJ9.s9n-AcD54rTB-lFyUJYXuKAcoqp8SOI-nkccCk_hxgo</code></pre>
            <p>AuthKey官方文档地址：<a target="_blank" href="https://docs.geoserver.org/stable/en/user/extensions/authkey/index.html">https://docs.geoserver.org/stable/en/user/extensions/authkey/index.html</a></p>
            <p>下载相应版本的Key authentication插件，比如2.27.2版本地址如下：</p>
            <pre><code>https://geoserver.org/release/2.27.2/</code></pre>
            <p>在上面的页面中找到Extensions-Security：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/01.webp" data-pswp-width="1920" data-pswp-height="986" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/01.webp"/>
                </a>
            </figure>
            <p>解压下载的文件，里面的jar包全部复制到/webapps/geoserver/WEB-INF/lib文件夹中，然后重启GeoServer服务。</p>
            <p>依据authkey的来源，有以下三种认证方式。</p>
            <h3 class="title">一、Property File</h3>
            <p>authkey在文件中定义，找到以下文件：</p>
            <pre><code>$GEOSERVER_DATA_DIR/security/usergroup/default/authkeys.properties</code></pre>
            <p>该文件包含以下类似内容：</p>
            <pre><code># Format is authkey=username
b52d2068-0a9b-45d7-aacc-144d16322018=admin</code></pre>
            <p>每一行的authkey即对应该账号的访问密钥。</p>
            <p>设置步骤如下：</p>
            <p>1、在“安全”模块下点击“认证”，然后在“身份验证筛选器”下点“新增”按钮：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/01.webp" data-pswp-width="1920" data-pswp-height="986" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/01.webp"/>
                </a>
            </figure>
            <p>在“新验证过滤器”页面点击“AuthKey”，输入验证过滤器命名、选择Authentication Key to user mapper为“Property file”，之后点击保存：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/03.webp" data-pswp-width="1920" data-pswp-height="988" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/03.webp"/>
                </a>
            </figure>
            <p>2、回到“安全”模块下“认证”页面，“过滤器链”点击default：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/07.webp" data-pswp-width="1920" data-pswp-height="945" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/07.webp"/>
                </a>
            </figure>
            <p>将上面设置的身份验证器移动到anonymous前面：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/08.webp" data-pswp-width="1920" data-pswp-height="1080" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/08.webp"/>
                </a>
            </figure>
            <p>3、再次回到“安全”模块下“认证”页面，“过滤器链”点击“添加服务链”：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/04.webp" data-pswp-width="1920" data-pswp-height="945" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/04.webp"/>
                </a>
            </figure>
            <p>在打开的页面中设置链名称，路径填写/gwc/**，链过滤器选择上一步骤设置的名称：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/05.webp" data-pswp-width="1920" data-pswp-height="1080" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/05.webp"/>
                </a>
            </figure>
            <p>设置完点“关闭”按钮，在返回的页面点击“保存”。</p>
            <p>4、调整过滤器链位置，通过点击上下箭头，将刚才设置的服务链移动到default上面：</p>
            <figure class="common">
                <a class="pswp-img" href="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/06.webp" data-pswp-width="1920" data-pswp-height="945" target="_blank">
                    <img class="thumbnail-img" src="https://gitee.com/bravelin/pics/raw/master/gis/geoServerTileVisitSetting/06.webp"/>
                </a>
            </figure>
            <h3 class="title">二、User Property</h3>
            <h3 class="title">三、Web Service</h3>
        </div>
    </MyArticle>
</template>